Sunday, November 29, 2009

"Joe Stewart from SecureWorks has put together an effective "eye chart" that sources its graphics from sites that Conficker would block. If you can't see one or more of the images, you're either infected, or image loading in your browser has been disabled.

Firefox users can check if image loading has been disabled under Tools/Options and the Content tab. Load Images Automatically should be checked. Internet Explorer users will find it under Tools/Internet Options, then the Advanced tab. Scroll down to Multimedia, and Show Pictures should be checked.

It's a test based on the fact that Conficker blocks legitimate security Web sites. The logos are sourced remotely, so if they can't load, the sites are also likely to be blocked. If you're seeing blocked images, you should check out the CNET guide to removing Conficker--just because the botnet hasn't done much that's demonstrably malicious yet doesn't mean it can't or won't in the future."
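The check the eye chart performs, sketched in browser JavaScript as an added example (not SecureWorks' or CNET's code). The probe URLs are placeholders, and the control image from a site Conficker would not block is an assumption added here to tell "security sites blocked" apart from "image loading disabled".

```javascript
// Placeholder probe list (constructed): not the images used by the real eye chart.
const PROBES = [
  { name: "control", url: "https://control.example/logo.png", control: true },
  { name: "av-vendor-a", url: "https://av-vendor-a.example/logo.png" },
  { name: "av-vendor-b", url: "https://av-vendor-b.example/logo.png" },
];

// Browser loader: resolves true if the image loads, false on error or timeout.
function loadImage(url, timeoutMs = 5000) {
  return new Promise((resolve) => {
    const img = new Image();
    const timer = setTimeout(() => resolve(false), timeoutMs);
    img.onload = () => { clearTimeout(timer); resolve(true); };
    img.onerror = () => { clearTimeout(timer); resolve(false); };
    // Cache-buster so a previously cached logo cannot mask a block.
    img.src = url + "?t=" + Date.now();
  });
}

// Pure decision logic; results is [{ name, control, loaded }].
function interpretResults(results) {
  const controls = results.filter((r) => r.control);
  const targets = results.filter((r) => !r.control);
  const blocked = targets.filter((r) => !r.loaded).map((r) => r.name);
  // If even the control fails, images are disabled or the host is offline.
  if (controls.length > 0 && controls.every((r) => !r.loaded)) {
    return { verdict: "inconclusive", blocked };
  }
  if (blocked.length > 0) return { verdict: "security-sites-blocked", blocked };
  return { verdict: "clear", blocked };
}

// Probe every image in parallel; the loader is injectable for testing.
async function runEyeChart(probes = PROBES, loader = loadImage) {
  const results = await Promise.all(probes.map(async (p) => ({
    name: p.name, control: !!p.control, loaded: await loader(p.url),
  })));
  return interpretResults(results);
}
```

A "security-sites-blocked" verdict only says those hosts are unreachable from this machine; it is a prompt to scan and clean the host, not proof of infection.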

Open VirtualBox OSE and go to File > Virtual Media Manager (VMM), or just press Ctrl + D. Click the New button on the Hard Disk tab. Follow the instructions until finished, taking care this time to choose the right partition type, name and size. We have now created a new Virtual Hard Disk (VHD).

2. Add the new VHD to the VCO

Exit the VMM by clicking the OK button. In VirtualBox OSE, right-click the targeted VCO and go to Settings (make sure the VCO is powered off). Go to Hard Disks. Click the Add Attachment button (the button with +) and your newly created VHD will be inserted automatically. Finish with the OK button.

3. Start targeted VCO

The VCO will detect and install the new VHD at startup. Wait until it finishes, then right-click My Computer and choose Manage. Computer Management will open; go to Storage > Disk Management. Your new VHD will be in the list but labeled as Unknown. When you click Disk Management, a Disk Initialize popup will appear; go through the procedure until finished. The new VHD will then be detected as Unallocated.

4. Format the new VHD

Right-click the Unallocated drive and choose New Volume. Go through the procedure until finished, according to your requirements. You now have a new disk partition on your VCO.

MalTrap is a research utility that monitors malware behavior by intercepting API calls on Windows and logging the results. Though still in its alpha release and sparse on features, it's a very interesting and useful tool.